Object identifiers are defined corresponding to the CRL fields defined by the X.509 V2 standard. One primary subarc is defined for this purpose:
#define INTEL_X509V2_CRL_R08 INTEL_SEC_FORMATS, 2, 1
#define INTEL_X509V2_CRL_R08_LENGTH INTEL_SEC_FORMATS_LENGTH+2
/* x509V2 entry in the CRL revokedCertificates sequence */
typedef struct cssm_x509_revoked_cert_entry {
CSSM_DATA certificateSerialNumber;
CSSM_X509_TIME revocationDate;
CSSM_X509_EXTENSIONS extensions;
} CSSM_X509_REVOKED_CERT_ENTRY, *CSSM_X509_REVOKED_CERT_ENTRY_PTR;
typedef struct cssm_x509_revoked_cert_list {
uint32 numberOfRevokedCertEntries;
CSSM_X509_REVOKED_CERT_ENTRY_PTR revokedCertEntry;
} CSSM_X509_REVOKED_CERT_LIST, *CSSM_X509_REVOKED_CERT_LIST_PTR;
/* x509v2 Certificate Revocation List (CRL) (unsigned) structure */
typedef struct cssm_x509_tbs_certlist {
CSSM_DATA version;
CSSM_X509_ALGORITHM_IDENTIFIER signature;
CSSM_X509_NAME issuer;
CSSM_X509_TIME thisUpdate;
CSSM_X509_TIME nextUpdate;
CSSM_X509_REVOKED_CERT_LIST_PTR revokedCertificates;
CSSM_X509_EXTENSIONS extensions;
} CSSM_X509_TBS_CERTLIST, *CSSM_X509_TBS_CERTLIST_PTR;
typedef struct cssm_x509_signed_crl {
CSSM_X509_TBS_CERTLIST tbsCertList;
CSSM_X509_SIGNATURE signature;
} CSSM_X509_SIGNED_CRL, *CSSM_X509_SIGNED_CRL_PTR;
The CSSM "get" functions accept an OID as input and return a single CSSM_DATA structure. The same use model is applied in this case.
The following table maps the object identifier for a selected set
of CRL fields to the structure and format accepted as input by
the "create" and "set" operations, and returned as output by
the "get" operation.
| CRL OID Names | Structure and Format of the ->Data entry of a CSSM_DATA structure |
|---|---|
| X509V2CRLSignedCrlStruct | BER/DER-encoded CSSM_X509_SIGNED_CRL structure |
| X509V2CRLSignedCrlCStruct | CSSM_X509_SIGNED_CRL structure |
| X509V2CRLTbsCertListStruct | BER/DER-encoded CSSM_X509_TBS_CERTLIST structure |
| X509V2CRLTbsCertListCStruct | CSSM_X509_TBS_CERTLIST structure |
| X509V2CRLVersion | BER Integer |
| X509V1CRLIssuerStruct | BER/DER-encoded CSSM_X509_NAME structure |
| X509V1CRLIssuerNameCStruct | CSSM_X509_NAME structure |
| X509V1CRLIssuerNameLDAP | LDAP string |
| X509V1CRLThisUpdate | UTC Time string |
| X509V1CRLNextUpdate | UTC Time string |
| X509V1CRLRevokedCertificatesStruct | BER/DER-encoded CSSM_X509_REVOKED_CERT_LIST structure |
| X509V1CRLRevokedCertificatesCStruct | CSSM_X509_REVOKED_CERT_LIST structure |
| X509V1CRLNumberOfRevokedCertEntries | Platform-dependent integer |
| X509V1CRLRevokedEntryStruct | BER/DER-encoded CSSM_X509_REVOKED_CERT_ENTRY structure |
| X509V1CRLRevokedEntryCStruct | CSSM_X509_REVOKED_CERT_ENTRY structure |
| X509V1CRLRevokedEntrySerialNumber | BER Integer |
| X509V1CRLRevokedEntryRevocationDate | UTC Time string |
| X509V2CRLRevokedEntryAllExtensionsStruct | BER/DER-encoded CSSM_X509_EXTENSIONS structure |
| X509V2CRLRevokedEntryAllExtensionsCStruct | CSSM_X509_EXTENSIONS structure |
| X509V2CRLRevokedEntryNumberOfExtensions | Platform-dependent integer |
| X509V2CRLRevokedEntrySingleExtensionStruct | BER/DER-encoded CSSM_X509_EXTENSION structure |
| X509V2CRLRevokedEntrySingleExtensionCStruct | CSSM_X509_EXTENSION structure |
| X509V2CRLRevokedEntryExtensionId | Extension OID |
| X509V2CRLRevokedEntryExtensionCritical | CSSM_BOOL |
| X509V2CRLRevokedEntryExtensionType | CL_DER_TAG_TYPE |
| X509V2CRLRevokedEntryExtensionValue | Byte string |
| X509V2CRLAllExtensionsStruct | BER/DER-encoded CSSM_X509_EXTENSIONS structure |
| X509V2CRLAllExtensionsCStruct | CSSM_X509_EXTENSIONS structure |
| X509V2CRLNumberOfExtensions | Platform-dependent integer |
| X509V2CRLSingleExtensionStruct | BER/DER-encoded CSSM_X509_EXTENSION structure |
| X509V2CRLSingleExtensionCStruct | CSSM_X509_EXTENSION structure |
| X509V2CRLExtensionId | Extension OID |
| X509V2CRLExtensionCritical | CSSM_BOOL |
| X509V2CRLExtensionType | CL_DER_TAG_TYPE |
| X509V2CRLExtensionValue | Byte string |
| Contents | Next section | Index |